RISEUP, the Seattle-based collective that provides secure online communication tools designed for social activists, has confirmed that it received warrants from the FBI to inspect two users' emails.
Riseup users had warned on social media that the group's "warrant canary" - a statement confirming that an organisation has not been issued with a court order to compromise users' details - had not been updated for the Winter 2016 quarter, a sign that the group may have been served with a gagging order preventing it from notifying its users of a warrant.
In November, Riseup issued a cryptic tweet, which users interpreted as a reference to the non-renewal of the warrant canary, saying: "Listen to the hummingbird, whose wings you cannot see, listen to the hummingbird, don't listen to me. #LeonardCohen"
The organisation has now confirmed that it received both a warrant from the FBI to inspect the emails of two users, alongside a gagging order preventing Riseup from going public.
On its blog, Riseup writes: "After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization). The first concerned the public contact address for an international DDoS extortion ring. The second concerned an account using ransomware to extort money from people."
"Extortion activities clearly violate both the letter and the spirit of the social contract we have with our users: We have your back so long as you are not pursuing exploitative, misogynist, racist, or bigoted agendas. There was a 'gag order' that prevented us from disclosing even the existence of these warrants until now. This was also the reason why we could not update our 'canary'"
As of Thursday, Riseup is now encrypting all new plaintext emails on its servers in such a way that even staff cannot read them. Existing emails will be migrated to the new system in due course.
It will also redraft its warrant canary to differentiate between law enforcement agencies' legitimate interests in pursuing criminals and intrusive surveillance of other members.
"The canary was so broad that any attempt to issue a new one would be a violation of a gag order related to an investigation into a DDoS extortion ring and ransomware operation," it writes.
"This is not desirable, because if any one of a number of minor things happen, it signals to users that a major thing has happened."
"Our initial canary strategy was only harming users by freaking them out unnecessarily when minor events happened. A canary is supposed to signal important risk information to users, but there is also danger in signaling the wrong thing to users or leading to general fear and confusion for no good reason.
"The current canary is limited to significant events that could compromise the security of Riseup users."
Welcome to the dystopia Black Mirror warned us about
Microsoft in 'more helpful' shock
A whole new way to be tied to your ISP
Search giant puts Epyc chips at the heart of its datacentre servers